256-bit vs 512-bit strength security

Kevin D Butt kdbutt at us.ibm.com
Thu Sep 13 11:20:01 PDT 2007

Formatted message: <A HREF="r0709132_f.htm">HTML-formatted message</A>

I would like to share what Hugo Krawczyk, one of IBM's cryptographers has 
shared with me.
The 256-strength suite is total overkill.
There is no need to use AES with 256-bit key today or SHA-512.
Of course, the 128-bit suite may be broken next month (or in 5 years) but 
the same is possible 
for the 256-bit suite. Actually, who said 500-bit EC will not turn out to 
have only 128 bit of security in a 
breakthrough cryptanalysis in 5-10 years (or next month)?
Given the information we have today, the 128-bit suite is good enough for 
almost all commercial applications.
If you need security of your data for the next 50 years you may consider 
going to a stronger suite, but then 
(again) who said that the 256-bit will suffice? (for 50 year security I 
recommend sending it inside a physical safe :)
The only reason I see now for going for a 256-bit suite is to promote ECC.
That may or may not be a good idea, but it should be clear that that's the 
only relevant reason for this suite.
Kevin D. Butt
SCSI & Fibre Channel Architect, Tape Firmware
MS 6TYA, 9000 S. Rita Rd., Tucson, AZ 85744
Tel: 520-799-2869 / 520-799-5280
Fax: 520-799-2723 (T/L:321)
Email address: kdbutt at us.ibm.com
Ralph Weber <roweber at IEEE.org> 
Sent by: owner-t10 at t10.org
09/12/2007 07:25 PM
"'t10 at t10.org'" <t10 at t10.org>
256-bit vs 512-bit strength security
* From the T10 Reflector (t10 at t10.org), posted by:
* Ralph Weber <roweber at ieee.org>
On Wednesday afternoon in Vancouver, you will be asked
to vote your company's position on a choice between
mandating 256-bit strength security or 512-bit strength
security in SPC-4.
If you do not yet know your company's position,
now would be a good time to start asking some
embarrassing questions.
All the best,
* For T10 Reflector information, send a message with
* 'info t10' (no quotes) in the message body to majordomo at t10.org

More information about the T10 mailing list